pycti 6.0.8__tar.gz → 6.0.10__tar.gz

{pycti-6.0.8 → pycti-6.0.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pycti
-Version: 6.0.8
+Version: 6.0.10
 Summary: Python API client for OpenCTI.
 Home-page: https://github.com/OpenCTI-Platform/client-python
 Author: Filigran
@@ -29,25 +29,25 @@ Requires-Dist: python-magic-bin~=0.4.14; sys_platform == "win32"
 Requires-Dist: python_json_logger~=2.0.4
 Requires-Dist: pyyaml~=6.0
 Requires-Dist: requests~=2.31.0
-Requires-Dist: setuptools~=69.2.0
+Requires-Dist: setuptools~=69.5.1
 Requires-Dist: filigran-sseclient~=1.0.0
 Requires-Dist: stix2~=3.0.1
 Requires-Dist: cachetools~=5.3.0
 Provides-Extra: dev
-Requires-Dist: black~=24.3.0; extra == "dev"
-Requires-Dist: build~=1.1.1; extra == "dev"
+Requires-Dist: black~=24.4.0; extra == "dev"
+Requires-Dist: build~=1.2.1; extra == "dev"
 Requires-Dist: isort~=5.13.0; extra == "dev"
 Requires-Dist: types-pytz~=2024.1.0.20240203; extra == "dev"
-Requires-Dist: pre-commit~=3.6.0; extra == "dev"
+Requires-Dist: pre-commit~=3.7.0; extra == "dev"
 Requires-Dist: pytest-cases~=3.8.0; extra == "dev"
-Requires-Dist: pytest-cov~=4.1.0; extra == "dev"
+Requires-Dist: pytest-cov~=5.0.0; extra == "dev"
 Requires-Dist: pytest_randomly~=3.15.0; extra == "dev"
 Requires-Dist: pytest~=8.1.1; extra == "dev"
 Requires-Dist: types-python-dateutil~=2.9.0; extra == "dev"
 Requires-Dist: wheel~=0.43.0; extra == "dev"
 Provides-Extra: doc
 Requires-Dist: autoapi~=2.0.1; extra == "doc"
-Requires-Dist: sphinx-autodoc-typehints~=2.0.0; extra == "doc"
+Requires-Dist: sphinx-autodoc-typehints~=2.1.0; extra == "doc"
 Requires-Dist: sphinx-rtd-theme~=2.0.0; extra == "doc"
 
 # OpenCTI client for Python

{pycti-6.0.8 → pycti-6.0.10}/pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.0.8"
+__version__ = "6.0.10"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector
@@ -53,9 +53,14 @@ from .entities.opencti_vulnerability import Vulnerability
 from .utils.constants import (
     CustomObjectCaseIncident,
     CustomObjectTask,
+    CustomObservableBankAccount,
+    CustomObservableCredential,
     CustomObservableCryptocurrencyWallet,
     CustomObservableHostname,
+    CustomObservablePaymentCard,
+    CustomObservablePhoneNumber,
     CustomObservableText,
+    CustomObservableTrackingNumber,
     CustomObservableUserAgent,
     MultipleRefRelationship,
     StixCyberObservableTypes,
@@ -128,9 +133,14 @@ __all__ = [
     "CustomObjectCaseIncident",
     "CustomObjectTask",
     "StixCyberObservableTypes",
+    "CustomObservableCredential",
     "CustomObservableHostname",
     "CustomObservableUserAgent",
+    "CustomObservableBankAccount",
     "CustomObservableCryptocurrencyWallet",
+    "CustomObservablePaymentCard",
+    "CustomObservablePhoneNumber",
+    "CustomObservableTrackingNumber",
     "CustomObservableText",
     "STIX_EXT_MITRE",
     "STIX_EXT_OCTI_SCO",

{pycti-6.0.8 → pycti-6.0.10}/pycti/api/opencti_api_client.py

@@ -108,6 +108,7 @@ class OpenCTIApiClient:
         ssl_verify=False,
         proxies=None,
         json_logging=False,
+        bundle_send_to_queue=True,
         cert=None,
         auth=None,
         perform_health_check=True,
@@ -115,6 +116,7 @@ class OpenCTIApiClient:
         """Constructor method"""
 
         # Check configuration
+        self.bundle_send_to_queue = bundle_send_to_queue
         self.ssl_verify = ssl_verify
         self.cert = cert
         self.proxies = proxies

{pycti-6.0.8 → pycti-6.0.10}/pycti/api/opencti_api_work.py

@@ -9,28 +9,34 @@ class OpenCTIApiWork:
         self.api = api
 
     def to_received(self, work_id: str, message: str):
-        self.api.app_logger.info("Reporting work update_received", {"work_id": work_id})
-        query = """
-            mutation workToReceived($id: ID!, $message: String) {
-                workEdit(id: $id) {
-                    toReceived (message: $message)
+        if self.api.bundle_send_to_queue:
+            self.api.app_logger.info(
+                "Reporting work update_received", {"work_id": work_id}
+            )
+            query = """
+                mutation workToReceived($id: ID!, $message: String) {
+                    workEdit(id: $id) {
+                        toReceived (message: $message)
+                    }
                 }
-            }
-           """
-        self.api.query(query, {"id": work_id, "message": message})
+               """
+            self.api.query(query, {"id": work_id, "message": message})
 
     def to_processed(self, work_id: str, message: str, in_error: bool = False):
-        self.api.app_logger.info(
-            "Reporting work update_processed", {"work_id": work_id}
-        )
-        query = """
-            mutation workToProcessed($id: ID!, $message: String, $inError: Boolean) {
-                workEdit(id: $id) {
-                    toProcessed (message: $message, inError: $inError)
+        if self.api.bundle_send_to_queue:
+            self.api.app_logger.info(
+                "Reporting work update_processed", {"work_id": work_id}
+            )
+            query = """
+                mutation workToProcessed($id: ID!, $message: String, $inError: Boolean) {
+                    workEdit(id: $id) {
+                        toProcessed (message: $message, inError: $inError)
+                    }
                 }
-            }
-           """
-        self.api.query(query, {"id": work_id, "message": message, "inError": in_error})
+               """
+            self.api.query(
+                query, {"id": work_id, "message": message, "inError": in_error}
+            )
 
     def ping(self, work_id: str):
         self.api.app_logger.info("Ping work", {"work_id": work_id})
@@ -44,49 +50,52 @@ class OpenCTIApiWork:
         self.api.query(query, {"id": work_id})
 
     def report_expectation(self, work_id: str, error):
-        self.api.app_logger.info("Report expectation", {"work_id": work_id})
-        query = """
-            mutation reportExpectation($id: ID!, $error: WorkErrorInput) {
-                workEdit(id: $id) {
-                    reportExpectation(error: $error)
+        if self.api.bundle_send_to_queue:
+            self.api.app_logger.info("Report expectation", {"work_id": work_id})
+            query = """
+                mutation reportExpectation($id: ID!, $error: WorkErrorInput) {
+                    workEdit(id: $id) {
+                        reportExpectation(error: $error)
+                    }
                 }
-            }
-           """
-        try:
-            self.api.query(query, {"id": work_id, "error": error})
-        except:
-            self.api.app_logger.error("Cannot report expectation")
+               """
+            try:
+                self.api.query(query, {"id": work_id, "error": error})
+            except:
+                self.api.app_logger.error("Cannot report expectation")
 
     def add_expectations(self, work_id: str, expectations: int):
-        self.api.app_logger.info(
-            "Update action expectations",
-            {"work_id": work_id, "expectations": expectations},
-        )
-        query = """
-            mutation addExpectations($id: ID!, $expectations: Int) {
-                workEdit(id: $id) {
-                    addExpectations(expectations: $expectations)
+        if self.api.bundle_send_to_queue:
+            self.api.app_logger.info(
+                "Update action expectations",
+                {"work_id": work_id, "expectations": expectations},
+            )
+            query = """
+                mutation addExpectations($id: ID!, $expectations: Int) {
+                    workEdit(id: $id) {
+                        addExpectations(expectations: $expectations)
+                    }
                 }
-            }
-           """
-        try:
-            self.api.query(query, {"id": work_id, "expectations": expectations})
-        except:
-            self.api.app_logger.error("Cannot report expectation")
+               """
+            try:
+                self.api.query(query, {"id": work_id, "expectations": expectations})
+            except:
+                self.api.app_logger.error("Cannot report expectation")
 
     def initiate_work(self, connector_id: str, friendly_name: str) -> str:
-        self.api.app_logger.info("Initiate work", {"connector_id": connector_id})
-        query = """
-            mutation workAdd($connectorId: String!, $friendlyName: String) {
-                workAdd(connectorId: $connectorId, friendlyName: $friendlyName) {
-                  id
+        if self.api.bundle_send_to_queue:
+            self.api.app_logger.info("Initiate work", {"connector_id": connector_id})
+            query = """
+                mutation workAdd($connectorId: String!, $friendlyName: String) {
+                    workAdd(connectorId: $connectorId, friendlyName: $friendlyName) {
+                      id
+                    }
                 }
-            }
-           """
-        work = self.api.query(
-            query, {"connectorId": connector_id, "friendlyName": friendly_name}
-        )
-        return work["data"]["workAdd"]["id"]
+               """
+            work = self.api.query(
+                query, {"connectorId": connector_id, "friendlyName": friendly_name}
+            )
+            return work["data"]["workAdd"]["id"]
 
     def delete_work(self, work_id: str):
         query = """

{pycti-6.0.8 → pycti-6.0.10}/pycti/connector/opencti_connector_helper.py

@@ -728,6 +728,32 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         self.connect_auto = get_config_variable(
             "CONNECTOR_AUTO", ["connector", "auto"], config, False, False
         )
+        self.bundle_send_to_queue = get_config_variable(
+            "CONNECTOR_SEND_TO_QUEUE",
+            ["connector", "send_to_queue"],
+            config,
+            False,
+            True,
+        )
+        self.bundle_send_to_directory = get_config_variable(
+            "CONNECTOR_SEND_TO_DIRECTORY",
+            ["connector", "send_to_directory"],
+            config,
+            False,
+            False,
+        )
+        self.bundle_send_to_directory_path = get_config_variable(
+            "CONNECTOR_SEND_TO_DIRECTORY_PATH",
+            ["connector", "send_to_directory_path"],
+            config,
+        )
+        self.bundle_send_to_directory_retention = get_config_variable(
+            "CONNECTOR_SEND_TO_DIRECTORY_RETENTION",
+            ["connector", "send_to_directory_retention"],
+            config,
+            True,
+            7,
+        )
         self.connect_only_contextual = get_config_variable(
             "CONNECTOR_ONLY_CONTEXTUAL",
             ["connector", "only_contextual"],
@@ -749,6 +775,8 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             "CONNECTOR_VALIDATE_BEFORE_IMPORT",
             ["connector", "validate_before_import"],
             config,
+            False,
+            False,
         )
         # Start up the server to expose the metrics.
         expose_metrics = get_config_variable(
@@ -769,6 +797,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             self.opencti_token,
             self.log_level,
             json_logging=self.opencti_json_logging,
+            bundle_send_to_queue=self.bundle_send_to_queue,
         )
         # - Impersonate API that will use applicant id
         # Behave like standard api if applicant not found
@@ -777,6 +806,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             self.opencti_token,
             self.log_level,
             json_logging=self.opencti_json_logging,
+            bundle_send_to_queue=self.bundle_send_to_queue,
         )
         self.connector_logger = self.api.logger_class(self.connect_name)
         # For retro compatibility
@@ -1075,6 +1105,16 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         bypass_validation = kwargs.get("bypass_validation", False)
         entity_id = kwargs.get("entity_id", None)
         file_name = kwargs.get("file_name", None)
+        bundle_send_to_queue = kwargs.get("send_to_queue", self.bundle_send_to_queue)
+        bundle_send_to_directory = kwargs.get(
+            "send_to_directory", self.bundle_send_to_directory
+        )
+        bundle_send_to_directory_path = kwargs.get(
+            "send_to_directory_path", self.bundle_send_to_directory_path
+        )
+        bundle_send_to_directory_retention = kwargs.get(
+            "send_to_directory_retention", self.bundle_send_to_directory_retention
+        )
 
         # In case of enrichment ingestion, ensure the sharing if needed
         if self.enrichment_shared_organizations is not None:
@@ -1114,13 +1154,14 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
                         )
             bundle = json.dumps(bundle_data)
 
+        # If execution in playbook, callback the api
         if self.playbook is not None:
             self.api.playbook.playbook_step_execution(self.playbook, bundle)
             return [bundle]
 
+        # Upload workbench in case of pending validation
         if not file_name and work_id:
             file_name = f"{work_id}.json"
-
         if self.connect_validate_before_import and not bypass_validation and file_name:
             self.api.upload_pending_file(
                 file_name=file_name,
@@ -1130,8 +1171,61 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             )
             return []
 
-        if entities_types is None:
-            entities_types = []
+        # If directory setup, write the bundle to the target directory
+        if bundle_send_to_directory and bundle_send_to_directory_path is not None:
+            self.connector_logger.info(
+                "The connector sending bundle to directory",
+                {
+                    "connector": self.connect_name,
+                    "directory": bundle_send_to_directory_path,
+                    "also_queuing": bundle_send_to_queue,
+                },
+            )
+            bundle_file = (
+                self.connect_name.lower().replace(" ", "_")
+                + "-"
+                + time.strftime("%Y%m%d-%H%M%S-")
+                + str(time.time())
+                + ".json"
+            )
+            write_file = os.path.join(
+                bundle_send_to_directory_path, bundle_file + ".tmp"
+            )
+            message_bundle = {
+                "bundle_type": "DIRECTORY_BUNDLE",
+                "applicant_id": self.applicant_id,
+                "connector": {
+                    "id": self.connect_id,
+                    "name": self.connect_name,
+                    "type": self.connect_type,
+                    "scope": self.connect_scope,
+                    "auto": self.connect_auto,
+                    "validate_before_import": self.connect_validate_before_import,
+                },
+                "entities_types": entities_types,
+                "bundle": json.loads(bundle),
+                "update": update,
+            }
+            # Maintains the list of files under control
+            if bundle_send_to_directory_retention > 0:  # If 0, disable the auto remove
+                current_time = time.time()
+                for f in os.listdir(bundle_send_to_directory_path):
+                    if f.endswith(".json"):
+                        file_location = os.path.join(bundle_send_to_directory_path, f)
+                        file_time = os.stat(file_location).st_mtime
+                        is_expired_file = (
+                            file_time
+                            < current_time - 86400 * bundle_send_to_directory_retention
+                        )  # 86400 = 1 day
+                        if is_expired_file:
+                            os.remove(file_location)
+            # Write the bundle to target directory
+            with open(write_file, "w") as f:
+                str_bundle = json.dumps(message_bundle)
+                f.write(str_bundle)
+            # Rename the file after full write
+            final_write_file = os.path.join(bundle_send_to_directory_path, bundle_file)
+            os.rename(write_file, final_write_file)
 
         if bypass_split:
             bundles = [bundle]
@@ -1143,44 +1237,48 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
             self.metric.inc("error_count")
             raise ValueError("Nothing to import")
 
-        if work_id:
-            self.api.work.add_expectations(work_id, len(bundles))
-
-        pika_credentials = pika.PlainCredentials(
-            self.connector_config["connection"]["user"],
-            self.connector_config["connection"]["pass"],
-        )
-        pika_parameters = pika.ConnectionParameters(
-            host=self.connector_config["connection"]["host"],
-            port=self.connector_config["connection"]["port"],
-            virtual_host=self.connector_config["connection"]["vhost"],
-            credentials=pika_credentials,
-            ssl_options=(
-                pika.SSLOptions(
-                    create_mq_ssl_context(self.config),
-                    self.connector_config["connection"]["host"],
-                )
-                if self.connector_config["connection"]["use_ssl"]
-                else None
-            ),
-        )
-        pika_connection = pika.BlockingConnection(pika_parameters)
-        channel = pika_connection.channel()
-        try:
-            channel.confirm_delivery()
-        except Exception as err:  # pylint: disable=broad-except
-            self.connector_logger.warning(str(err))
-        for sequence, bundle in enumerate(bundles, start=1):
-            self._send_bundle(
-                channel,
-                bundle,
-                work_id=work_id,
-                entities_types=entities_types,
-                sequence=sequence,
-                update=update,
+        if bundle_send_to_queue:
+            if work_id:
+                self.api.work.add_expectations(work_id, len(bundles))
+            if entities_types is None:
+                entities_types = []
+            pika_credentials = pika.PlainCredentials(
+                self.connector_config["connection"]["user"],
+                self.connector_config["connection"]["pass"],
+            )
+            pika_parameters = pika.ConnectionParameters(
+                host=self.connector_config["connection"]["host"],
+                port=self.connector_config["connection"]["port"],
+                virtual_host=self.connector_config["connection"]["vhost"],
+                credentials=pika_credentials,
+                ssl_options=(
+                    pika.SSLOptions(
+                        create_mq_ssl_context(self.config),
+                        self.connector_config["connection"]["host"],
+                    )
+                    if self.connector_config["connection"]["use_ssl"]
+                    else None
+                ),
             )
-        channel.close()
-        pika_connection.close()
+            pika_connection = pika.BlockingConnection(pika_parameters)
+            channel = pika_connection.channel()
+            try:
+                channel.confirm_delivery()
+            except Exception as err:  # pylint: disable=broad-except
+                self.connector_logger.warning(str(err))
+            self.connector_logger.info(self.connect_name + " sending bundle to queue")
+            for sequence, bundle in enumerate(bundles, start=1):
+                self._send_bundle(
+                    channel,
+                    bundle,
+                    work_id=work_id,
+                    entities_types=entities_types,
+                    sequence=sequence,
+                    update=update,
+                )
+            channel.close()
+            pika_connection.close()
+
         return bundles
 
     def _send_bundle(self, channel, bundle, **kwargs) -> None:
@@ -1212,6 +1310,7 @@ class OpenCTIConnectorHelper:  # pylint: disable=too-many-public-methods
         # if self.current_work_id is None:
         #    raise ValueError('The job id must be specified')
         message = {
+            "bundle_type": "QUEUE_BUNDLE",
             "applicant_id": self.applicant_id,
             "action_sequence": sequence,
             "entities_types": entities_types,

{pycti-6.0.8 → pycti-6.0.10}/pycti/entities/opencti_incident.py

@@ -458,6 +458,10 @@ class Incident:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],

{pycti-6.0.8 → pycti-6.0.10}/pycti/entities/opencti_indicator.py

@@ -468,6 +468,7 @@ class Indicator:
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         create_observables = kwargs.get("x_opencti_create_observables", False)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if (
@@ -528,6 +529,7 @@ class Indicator:
                         "x_opencti_stix_ids": x_opencti_stix_ids,
                         "killChainPhases": kill_chain_phases,
                         "createObservables": create_observables,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -642,6 +644,10 @@ class Indicator:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -740,6 +746,11 @@ class Indicator:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.0.8 → pycti-6.0.10}/pycti/entities/opencti_intrusion_set.py

@@ -363,6 +363,7 @@ class IntrusionSet:
         secondary_motivations = kwargs.get("secondary_motivations", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if name is not None:
@@ -402,6 +403,7 @@ class IntrusionSet:
                         "primary_motivation": primary_motivation,
                         "secondary_motivations": secondary_motivations,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -435,7 +437,11 @@ class IntrusionSet:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
-
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
+                7
             return self.create(
                 stix_id=stix_object["id"],
                 createdBy=(
@@ -500,6 +506,11 @@ class IntrusionSet:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.0.8 → pycti-6.0.10}/pycti/entities/opencti_malware_analysis.py

@@ -401,6 +401,7 @@ class MalwareAnalysis:
         analysisSco = kwargs.get("analysisSco", None)
         x_opencti_stix_ids = kwargs.get("x_opencti_stix_ids", None)
         granted_refs = kwargs.get("objectOrganization", None)
+        x_opencti_workflow_id = kwargs.get("x_opencti_workflow_id", None)
         update = kwargs.get("update", False)
 
         if product is not None and result_name is not None:
@@ -449,6 +450,7 @@ class MalwareAnalysis:
                         "analysisSample": sample,
                         "analysisSco": analysisSco,
                         "x_opencti_stix_ids": x_opencti_stix_ids,
+                        "x_opencti_workflow_id": x_opencti_workflow_id,
                         "update": update,
                     }
                 },
@@ -482,6 +484,10 @@ class MalwareAnalysis:
                 stix_object["x_opencti_granted_refs"] = (
                     self.opencti.get_attribute_in_extension("granted_refs", stix_object)
                 )
+            if "x_opencti_workflow_id" not in stix_object:
+                stix_object["x_opencti_workflow_id"] = (
+                    self.opencti.get_attribute_in_extension("workflow_id", stix_object)
+                )
 
             return self.create(
                 stix_id=stix_object["id"],
@@ -574,6 +580,11 @@ class MalwareAnalysis:
                     if "x_opencti_granted_refs" in stix_object
                     else None
                 ),
+                x_opencti_workflow_id=(
+                    stix_object["x_opencti_workflow_id"]
+                    if "x_opencti_workflow_id" in stix_object
+                    else None
+                ),
                 update=update,
             )
         else:

{pycti-6.0.8 → pycti-6.0.10}/pycti/entities/opencti_stix_core_object.py

@@ -615,6 +615,12 @@ class StixCoreObject:
             ... on PhoneNumber {
                 value
             }
+            ... on TrackingNumber {
+                value
+            }
+            ... on Credential {
+                value
+            }
             ... on PaymentCard {
                 card_number
                 expiration_date